Another new scareware scam

Computer users are being warned by the FBI of another new scam involving scareware. A piece of malware called Citadel is redirecting users to a scam site that installs the scareware on their machines and then demands a $100 payment to unlock them. This scareware uses a new twist in that it threatens prosecution by the Department of Justice as a prompt to get users to pay.

The malware is a drive-by download attack. The attack is the same as others in the past few years in that it first sends the user to a malicious site. Typically, the site then uses an exploit in the users browser which then installs the scareware.

In a few cases, the scareware will tell the user that their system is infected with some sort of malware and offers to remove it for a fee. In this case, the malware locks the victims computer and tells the user that they have violated U.S. law and faces potential criminal prosecution.

"The message further declares the user's IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content," the FBI warning says.

"To unlock their computer the user is instructed to pay a $100 fine to the US Department of Justice, using prepaid money card services. The geographic location of the user's IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud."

Scareware is one of the more common attack vectors on the Web these days, and it's been surprisingly effective for several years now. Adding in the element of a threat of prosecution by the federal government only brings that up a level or two.

If you or someone you know has been infected by this new scam, please contact the Malware Team at MajorGeeks.com